<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>test.te</title>
<meta name="generator" content="KF5::SyntaxHighlighting (SELinux Policy)"/>
</head><body style="color:#1f1c1b"><pre>
<span style="color:#898887;"># Sample SELinux Policy</span>

<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;summary&gt;</span>
<span style="color:#898887;">##  Sample SELinux Policy</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;/summary&gt;</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;desc&gt;</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;p&gt;</span>
<span style="color:#898887;">##  This module is not functional,</span>
<span style="color:#898887;">##  but only to test the syntax highlighting.</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;/p&gt;</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;/desc&gt;</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;required</span><span style="color:#0057ae;"> val</span><span style="color:#898887;">=</span><span style="color:#bf0303;">&quot;true&quot;</span><span style="color:#ca60ca;font-weight:bold;">&gt;</span>
<span style="color:#898887;">##  Depended on by other required modules.</span>
<span style="color:#898887;">## </span><span style="color:#ca60ca;font-weight:bold;">&lt;/required&gt;</span>

<span style="color:#006e28;font-weight:bold;">policycap</span> <span style="color:#006e28;">open_perms</span>;
<span style="font-weight:bold;">module</span> myapp <span style="color:#b08000;">1.0</span>;

<span style="font-weight:bold;">require</span> <span style="font-weight:bold;">{</span>
	<span style="font-weight:bold;">type</span> httpd_t;
	<span style="font-weight:bold;">type</span> httpd_sys_content_t;
	<span style="font-weight:bold;">type</span> initrc_t;
	<span style="font-weight:bold;">class</span> sock_file <span style="color:#bf0303;">write</span>;
	<span style="font-weight:bold;">class</span> unix_stream_socket <span style="color:#bf0303;">connectto</span>;
<span style="font-weight:bold;">}</span>

<span style="color:#bf0303;font-weight:bold;">allow</span> httpd_t httpd_sys_content_t:<span style="color:#0057ae;">sock_file</span> <span style="color:#bf0303;">write</span>;
<span style="color:#bf0303;font-weight:bold;">allow</span> httpd_t initrc_t:<span style="color:#0057ae;">unix_stream_socket</span> <span style="color:#bf0303;">connectto</span>;

<span style="color:#898887;"># Refpolicy</span>
<span style="color:#644a9b;font-style:italic;">tunable_policy</span>(<span style="color:#bf0303;">`allow_execmem'</span>,<span style="color:#bf0303;font-weight:bold;">`</span>
	/usr/share/holas<span style="color:#ff5500;">(</span><span style="color:#ff5500;">/</span><span style="color:#3daee9;">.*</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">?</span><span style="font-weight:bold;"> --</span> <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">holas_t</span>,<span style="color:#006e28;">s0</span>,<span style="color:#006e28;">fdf</span>,<span style="color:#006e28;">df</span>);
<span style="color:#bf0303;font-weight:bold;">'</span>)
<span style="color:#898887;"># M4 Macros</span>
<span style="color:#644a9b;font-weight:bold;">regexp</span>(<span style="color:#bf0303;">`GNUs not Unix'</span>, <span style="color:#bf0303;font-weight:bold;">`</span><span style="color:#924c9d;">\w\(\w</span><span style="color:#3daee9;">+</span><span style="color:#924c9d;">\)</span><span style="color:#3daee9;">$</span><span style="color:#bf0303;font-weight:bold;">'</span>, <span style="color:#bf0303;font-weight:bold;">`</span><span style="color:#3daee9;">***</span> <span style="color:#924c9d;">\&amp;</span> <span style="color:#3daee9;">***</span> <span style="color:#924c9d;">\1</span> <span style="color:#3daee9;">***</span><span style="color:#bf0303;font-weight:bold;">'</span>)
<span style="color:#644a9b;font-weight:bold;">ifdef</span>(<span style="color:#bf0303;">`distro_ubuntu'</span>,<span style="color:#bf0303;font-weight:bold;">`</span>
	<span style="color:#644a9b;">unconfined_domain</span>(chkpwd_t)
<span style="color:#bf0303;font-weight:bold;">'</span>)

<span style="font-weight:bold;">dominance</span> <span style="font-weight:bold;">{</span> <span style="color:#644a9b;">gen_dominance</span>(<span style="color:#b08000;">0</span>,<span style="color:#644a9b;font-weight:bold;">decr</span>(<span style="color:#0057ae;">$1</span>)) <span style="font-weight:bold;">}</span>;
<span style="color:#bf0303;font-weight:bold;">neverallow</span> <span style="color:#0057ae;">user</span>=_isolated <span style="color:#0057ae;">domain</span>=<span style="color:#ff5500;">((</span><span style="color:#ca60ca;">?!</span><span style="color:#ff5500;">isolated_app</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">.</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">*</span>

<span style="color:#bf0303;font-weight:bold;">allow</span> consoletype_t <span style="color:#006e28;">self</span>:<span style="color:#0057ae;">capability</span> <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">sys_admin</span> <span style="color:#bf0303;">sys_tty_config</span> <span style="font-weight:bold;">}</span>;
<span style="color:#bf0303;font-weight:bold;">allow</span> consoletype_t <span style="color:#006e28;">self</span>:<span style="color:#0057ae;">msg</span> <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">send</span> <span style="color:#bf0303;">receive</span> <span style="font-weight:bold;">}</span>;

<span style="color:#898887;"># sample for administrative user</span>
<span style="font-weight:bold;">user</span> jadmin <span style="font-weight:bold;">roles</span> <span style="font-weight:bold;">{</span> staff_r sysadm_r <span style="font-weight:bold;">}</span>;
<span style="color:#898887;"># sample for regular user</span>
<span style="font-weight:bold;">user</span> jdoe <span style="font-weight:bold;">roles</span> <span style="font-weight:bold;">{</span> user_r <span style="font-weight:bold;">}</span>;

<span style="font-weight:bold;">default_user</span> process <span style="font-weight:bold;">source</span>;
<span style="font-weight:bold;">default_range</span> process <span style="font-weight:bold;">source</span> <span style="color:#b08000;font-weight:bold;">low</span>;

<span style="font-weight:bold;">sid</span> devnull;
<span style="font-weight:bold;">sid</span> sysctl;

<span style="font-weight:bold;">common</span> file <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">ioctl</span> <span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span> <span style="color:#bf0303;">create</span> <span style="color:#bf0303;">getattr</span> <span style="color:#bf0303;">setattr</span> <span style="color:#bf0303;">lock</span> <span style="color:#bf0303;">relabelfrom</span> <span style="color:#bf0303;">relabelto</span> <span style="color:#bf0303;">append</span> <span style="color:#bf0303;">map</span> <span style="color:#bf0303;">unlink</span> <span style="color:#bf0303;">link</span> <span style="color:#bf0303;">rename</span> <span style="color:#bf0303;">execute</span> <span style="color:#bf0303;">swapon</span> <span style="color:#bf0303;">quotaon</span> <span style="color:#bf0303;">mounton</span> <span style="font-weight:bold;">}</span>;
<span style="font-weight:bold;">class</span> dir <span style="font-weight:bold;">inherits</span> file <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">add_name</span> <span style="color:#bf0303;">remove_name</span> <span style="color:#bf0303;">reparent</span> <span style="color:#bf0303;">search</span> <span style="color:#bf0303;">rmdir</span> <span style="color:#bf0303;">open</span> <span style="color:#bf0303;">audit_access</span> <span style="color:#bf0303;">execmod</span> <span style="font-weight:bold;">}</span>;
<span style="font-weight:bold;">class</span> class;

<span style="font-weight:bold;">sensitivity</span> s0 <span style="font-weight:bold;">alias</span> sens0;
<span style="font-weight:bold;">category</span> c0 <span style="font-weight:bold;">alias</span> cat0;

<span style="font-weight:bold;">mlsconstrain</span> dir <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">search</span> <span style="color:#bf0303;">read</span> <span style="color:#bf0303;">ioctl</span> <span style="color:#bf0303;">lock</span> <span style="font-weight:bold;">}</span>
	(( <span style="color:#006e28;">h1</span> <span style="color:#0057ae;font-weight:bold;">dom</span> <span style="color:#006e28;">h2</span> ) <span style="color:#0057ae;font-weight:bold;">or</span> ( <span style="color:#006e28;">t1</span> <span style="color:#0057ae;font-weight:bold;">==</span> mcsreadall ) <span style="color:#0057ae;font-weight:bold;">or</span>
	(( <span style="color:#006e28;">t1</span> <span style="color:#0057ae;font-weight:bold;">!=</span> mcs_constrained_type ) <span style="color:#0057ae;font-weight:bold;">and</span> (<span style="color:#006e28;">t2</span> <span style="color:#0057ae;font-weight:bold;">==</span> domain)));

<span style="font-weight:bold;">attribute_role</span> dpkg_roles;
<span style="font-weight:bold;">roleattribute</span> system_r dpkg_roles;

<span style="font-weight:bold;">role</span> system_r <span style="font-weight:bold;">types</span> system_t;
<span style="font-weight:bold;">role_transition</span> hello init_script_file_type system_r;

<span style="font-weight:bold;">level</span> <span style="color:#607880;">s0</span>:<span style="color:#607880;">c0</span>;
<span style="font-weight:bold;">user</span> user_u <span style="font-weight:bold;">roles</span> role_r <span style="font-weight:bold;">level</span> <span style="color:#607880;">s1</span>:<span style="color:#607880;">c1</span> <span style="font-weight:bold;">range</span> <span style="color:#607880;">s1</span>:<span style="color:#607880;">c1</span> - <span style="color:#607880;">s2</span>:<span style="color:#607880;">c2</span>;
<span style="font-weight:bold;">range_transition</span> initrc_t auditd_exec_t:<span style="color:#0057ae;">process</span> <span style="color:#607880;">s15</span>:<span style="color:#607880;">c0</span>.<span style="color:#607880;">c255</span> - <span style="color:#607880;">s20</span>;
<span style="font-weight:bold;">range_transition</span> source target:<span style="color:#0057ae;">class</span> <span style="color:#607880;">s1</span> - <span style="color:#607880;">s2</span> dsd;
<span style="font-weight:bold;">range_transition</span> source target:<span style="color:#0057ae;">class</span> <span style="color:#607880;">s1</span> ;

<span style="font-weight:bold;">attribute</span> filesystem_type;
<span style="font-weight:bold;">type</span> dhcp_etc_t;
<span style="font-weight:bold;">typealias</span> dhcp_etc_t <span style="font-weight:bold;">ALIAS</span> <span style="font-weight:bold;">{</span> etc_dhcp_t etc_dhcpc_t etc_dhcpd_t <span style="font-weight:bold;">}</span>;

<span style="font-weight:bold;">bool</span> le_boolean <span style="color:#0095ff;font-weight:bold;">true</span>;
<span style="font-weight:bold;">TUNABLE</span> allow_java_execstack <span style="color:#0095ff;font-weight:bold;">false</span>;

<span style="font-weight:bold;">type_transition</span> root_xdrawable_t input_xevent_t:<span style="color:#0057ae;">x_event</span> root_input_xevent_t;
<span style="color:#bf0303;font-weight:bold;">AUDITALLOW</span> xserver_t <span style="font-weight:bold;">{</span> root_xdrawable_t x_domain <span style="font-weight:bold;">}</span>:<span style="color:#0057ae;">x_drawable</span> <span style="color:#bf0303;">send</span>;

<span style="font-weight:bold;">optional</span> <span style="font-weight:bold;">{</span>
	<span style="color:#bf0303;font-weight:bold;">neverallow</span> untrusted_app <span style="color:#3daee9;">*</span>:<span style="font-weight:bold;">{</span> netlink_route_socket netlink_selinux_socket <span style="font-weight:bold;">}</span> <span style="color:#bf0303;">ioctl</span>;
	<span style="color:#bf0303;font-weight:bold;">neverallowxperm</span> shell domain:<span style="font-weight:bold;">{</span> rawip_socket tcp_socket udp_socket <span style="font-weight:bold;">}</span> <span style="color:#bf0303;">ioctl</span> priv_sock_ioctls;
<span style="font-weight:bold;">}</span>;

<span style="font-weight:bold;">if</span> le_boolean <span style="font-weight:bold;">{</span>
	<span style="color:#bf0303;font-weight:bold;">DONTAUDIT</span> untrusted_app asec_public_file:<span style="color:#0057ae;">file</span> <span style="font-weight:bold;">{</span> <span style="color:#bf0303;">execute</span> <span style="color:#bf0303;">execmod</span> <span style="font-weight:bold;">}</span>;
<span style="font-weight:bold;">}</span> <span style="font-weight:bold;">else</span> <span style="font-weight:bold;">{</span>
	<span style="color:#bf0303;font-weight:bold;">ALLOW</span> untrusted_app perfprofd_data_file:<span style="color:#0057ae;">file</span> r_file_perms;
	<span style="color:#bf0303;font-weight:bold;">allow</span> untrusted_app perfprofd_data_file:<span style="color:#0057ae;">dir</span> r_dir_perms;
<span style="font-weight:bold;">}</span>;

<span style="font-weight:bold;">sid</span> devnull <span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">null_device_t</span>:<span style="color:#006e28;">s0</span>
<span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">sysfs</span> /devices/system/cpu/online <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">cpu_online_t</span>,<span style="color:#006e28;">s0</span>)
<span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">rootfs</span> / <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">root_t</span>,<span style="color:#006e28;">s0</span>)

<span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">proc</span> /cpuinfo <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">proc_cpuinfo</span>:<span style="color:#006e28;">s0</span>
<span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">selinuxfs</span> / <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">selinuxfs</span>:<span style="color:#006e28;">s0</span>
<span style="font-weight:bold;">fs_use_trans</span> <span style="font-style:italic;">devtmpfs</span> <span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">device_t</span>:<span style="color:#006e28;">s0</span>;
<span style="font-weight:bold;">fs_use_task</span> <span style="font-style:italic;">pipefs</span> <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">pipefs</span>:<span style="color:#006e28;">s0</span>;
<span style="font-weight:bold;">fs_use_xattr</span> <span style="font-style:italic;">xfs</span> <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">labeledfs</span>:<span style="color:#006e28;">s0</span>;
<span style="font-weight:bold;">fs_use_xattr</span> <span style="font-style:italic;">btrfs</span> <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">labeledfs</span>:<span style="color:#006e28;">s0</span>;

<span style="font-weight:bold;">portcon</span> tcp <span style="color:#b08000;">80</span> <span style="color:#006e28;">u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">http_port</span>:<span style="color:#006e28;">s0</span>;
<span style="font-weight:bold;">portcon</span> udp <span style="color:#b08000;">1024</span>-<span style="color:#b08000;">65535</span> <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">unreserved_port_t</span>,<span style="color:#006e28;"> s0</span>);
<span style="font-weight:bold;">netifcon</span> <span style="color:#0057ae;">$2</span> <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#0057ae;">$1</span>,<span style="color:#0057ae;">$3</span>) <span style="color:#644a9b;font-style:italic;">gen_context</span>(<span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">unlabeled_t</span>,<span style="color:#0057ae;">$3</span>);

<span style="font-weight:bold;">nodecon</span> <span style="color:#b08000;">2001:0DB8:AC10:FE01::</span> <span style="color:#b08000;">2001:0DE0:DA88:2222::</span> <span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">hello_t</span>:<span style="color:#006e28;">s0</span>;
<span style="font-weight:bold;">nodecon</span> ipv4 <span style="color:#b08000;">127.0.0.2</span> <span style="color:#b08000;">255.255.255.255</span> <span style="color:#006e28;">system_u</span>:<span style="color:#006e28;">object_r</span>:<span style="color:#924c9d;">node_t</span>:<span style="color:#006e28;">s0</span>;

<span style="color:#006e28;">#line 118</span>

<span style="color:#898887;"># Regular Expressions</span>
<span style="color:#644a9b;font-weight:bold;">regexp</span>(<span style="color:#bf0303;font-weight:bold;">`</span>Hello<span style="color:#ff5500;">(</span><span style="color:#ff5500;">!</span><span style="color:#ca60ca;">|</span><span style="color:#924c9d;">\^\^</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">+</span><span style="color:#bf0303;font-weight:bold;">'</span>, <span style="color:#bf0303;font-weight:bold;">`</span>
	<span style="color:#3daee9;">^</span><span style="color:#924c9d;">\s</span><span style="color:#3daee9;">*</span><span style="color:#ff5500;">(</span><span style="color:#ca60ca;">?&lt;hello&gt;</span><span style="color:#924c9d;">\.</span><span style="color:#ff5500;">)</span>
	<span style="color:#ff5500;">(</span>
<span style="color:#ff5500;">		hello</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#924c9d;">\s\x12</span><span style="color:#ff5500;">/</span><span style="color:#ff5500;">][</span><span style="color:#ff5500;">1-9</span><span style="color:#ff5500;">]</span><span style="color:#3daee9;">*</span><span style="color:#ca60ca;">|</span><span style="color:#ff5500;"> </span><span style="color:#898887;"> # Hello</span>
<span style="color:#ff5500;">		bye</span>
<span style="color:#ff5500;">	</span><span style="color:#ff5500;">)</span><span style="color:#924c9d;">\s</span><span style="color:#3daee9;">*$</span>
<span style="color:#bf0303;font-weight:bold;">'</span>) 
<span style="color:#bf0303;">&quot;aa/aa</span><span style="color:#ff5500;">(</span><span style="color:#ca60ca;">?=</span><span style="color:#ff5500;">sdf sdf</span><span style="color:#ff5500;">)</span><span style="color:#bf0303;">ds</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">aa aa</span><span style="color:#ff5500;">)</span><span style="color:#bf0303;">df</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#ff5500;"> a</span><span style="color:#ff5500;">]</span><span style="color:#bf0303;">&quot;</span>
<span style="color:#bf0303;">&quot;ope</span><span style="color:#bf0303;text-decoration:underline;">n</span>
<span style="color:#bf0303;">&quot;text\&quot;</span>aaa
<span style="color:#bf0303;">&quot;filename\s\w\%(?=aa)aa&quot;</span>
<span style="color:#bf0303;">&quot;/path</span><span style="color:#924c9d;">\s\w</span><span style="color:#ff5500;">(</span><span style="color:#ca60ca;">?=</span><span style="color:#ff5500;">aa</span><span style="color:#ff5500;">)</span><span style="color:#bf0303;">aa&quot;</span>

<span style="color:#006e28;">u</span>:<span style="color:#006e28;">role</span>:<span style="color:#924c9d;">type</span>:<span style="color:#006e28;">sen</span>:<span style="color:#006e28;">cat</span>:other
<span style="color:#006e28;">u</span>:<span style="color:#006e28;">role</span>:<span style="color:#924c9d;">type</span>:<span style="color:#006e28;">sen</span>:<span style="color:#006e28;">cat</span> - <span style="color:#006e28;">sen</span>:<span style="color:#006e28;">cat</span>:other
<span style="color:#006e28;">u</span>:<span style="color:#006e28;">role</span>:<span style="color:#924c9d;">type</span>:<span style="color:#006e28;">s0</span>.<span style="color:#006e28;">s1</span>:<span style="color:#006e28;">c0</span> , <span style="color:#006e28;">c1</span> - <span style="color:#006e28;">s2</span>.<span style="color:#006e28;">s3</span>:<span style="color:#006e28;">c2</span>.<span style="color:#006e28;">c3</span>,<span style="color:#006e28;">c4</span>:other
<span style="color:#006e28;">u</span>:<span style="color:#006e28;">role</span>:<span style="color:#924c9d;">type</span>:<span style="color:#006e28;">s0</span>,other
</pre></body></html>
